this post was submitted on 27 Oct 2023
1302 points (98.0% liked)

Memes

45666 readers
880 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
1302
Add-on: same password, same identity. (lemmy.world)
submitted 1 year ago by [email protected] to c/[email protected]
177 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 19 points 1 year ago (22 children)

I never got over the fact that I somehow need to trust to an absurdly high degree a proprietary software to store ALL my passwords. Is this really a good idea?

[–] [email protected] 11 points 1 year ago (8 children)

There are libre off-line password managers. Variants of Keepass for example.

Indeed it's a bad idea to store passwords in a propietary system. Specially a cloud based one being hacked time to time, like 1password.

[–] [email protected] -2 points 1 year ago (6 children)

I'm unaware of 1password ever getting hacked.

Even if they did, there's some really smart technology at play here. I think your paranoia here is unjustified. I felt the same way until I read about their technology. At that point I felt comfortable using their service.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

I’m unaware of 1password ever getting hacked.

https://cybersecuritynews.com/1password-hacked/?amp

I think your paranoia here is unjustified

You are right in a way. I always assume company sysadmins have access to company data, even if they say the opposite, and I always assume there are undisclosed data leaks. Which may seem a little paranoid.

It's like closing your car's door when leaving it alone: Is it paranoid to assume that always there are someone willing to steal stuff?

[–] [email protected] 0 points 1 year ago (1 children)

https://www.forbes.com/sites/daveywinder/2023/10/24/no-1password-has-not-just-been-hacked-your-passwords-are-safe/?sh=583d97333a09

1password employees don't have access to the data let alone anyone else. The encryption is not bullshit

[–] [email protected] 0 points 1 year ago (1 children)

1password employees don’t have access to the data let alone anyone else.

That's a common good practice.

It's still good idea to assume the opposite.

If you can see plain text passwords, some malicious actor at their side can too. No matter if it's encrypted at rest.

[–] [email protected] 0 points 1 year ago

No, I don't think it's healthy to move through life in such a paranoid state. If I thought that, I wouldn't use a password manager and that would leave several problems unsolved, chiefly I would only be able to remember a couple passwords, opening my identity up for hacking several orders of magnitude likelier to actually happen than 1password's entire technology stack failing at its one job.

load more comments (4 replies)
load more comments (5 replies)
load more comments (18 replies)